diTii.com - All About Technology: Features Latest News and Information About Technology


Storm Worm Botnet Lobotomizing Anti-Virus Programs


The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing anti-virus products on target systems, it's now doing a hot fix with a memory patch to render them brain-dead.

The finding was made by Sophos and was mentioned by Joshua Corman, a principal security strategist for IBM Internet Security Systems, Oct. 23 in his presentation here at Interop on the challenge of evolving cyber-threats.

According to an Oct. 22 posting by Sophos analyst Richard Cohen, the Storm botnet—Sophos calls it Dorf, and it's also known as Ecard malware—is dropping files that call a routine that gets Windows to tell it every time a new process is started. The malware checks the process file name against an internal list and kills the ones that match—sometimes. But Storm has taken a new twist: It now would rather leave processes running and just patch entry points of loading processes that might pose a threat to it. Then, when processes such as anti-virus programs run, they simply return a value of 0.
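A defender can check for this kind of entry-point patch by comparing the bytes at a process's entry point in memory with the same bytes in the executable on disk. The sketch below is an added example, not code from Sophos or from the article. It assumes the in-memory bytes were already collected with a debugger or memory-forensics tool, that the patch uses one of several common x86 "return 0" encodings (the article does not give the bytes), and it runs against a constructed sample PE.

```python
import struct

# Assumption: the article does not give the patch bytes; these are common
# x86 encodings of "set EAX to 0 and return".
RETURN_ZERO_STUBS = (
    b"\x33\xc0\xc3", b"\x31\xc0\xc3",   # xor eax, eax ; ret
    b"\x33\xc0\xc2", b"\x31\xc0\xc2",   # xor eax, eax ; ret imm16
    b"\xb8\x00\x00\x00\x00\xc3",        # mov eax, 0 ; ret
)

def entry_point_file_offset(image):
    """Return (RVA, file offset) of AddressOfEntryPoint in an on-disk PE."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, n_sections, _, _, _, opt_size = struct.unpack_from("<HHIIIH", image, pe + 4)
    ep_rva = struct.unpack_from("<I", image, pe + 24 + 16)[0]
    for i in range(n_sections):
        hdr = pe + 24 + opt_size + 40 * i
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", image, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rsize):
            return ep_rva, rptr + (ep_rva - vaddr)
    raise ValueError("entry point is outside every section")

def check_entry_point(disk_image, mem_entry_bytes):
    """Classify entry-point bytes read from a live process or memory dump."""
    _, off = entry_point_file_offset(disk_image)
    if mem_entry_bytes == disk_image[off:off + len(mem_entry_bytes)]:
        return "clean"
    if mem_entry_bytes.startswith(RETURN_ZERO_STUBS):
        return "patched-return-zero"
    return "modified"

def build_sample_pe(entry_code):
    """Constructed sample: minimal 32-bit PE headers plus one .text section."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)           # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)      # i386, one section
    struct.pack_into("<H", img, 0x80 + 20, 0xE0)      # SizeOfOptionalHeader
    struct.pack_into("<I", img, 0x80 + 40, 0x1000)    # AddressOfEntryPoint
    sec = 0x80 + 24 + 0xE0
    img[sec:sec + 5] = b".text"
    struct.pack_into("<4I", img, sec + 8, 0x200, 0x1000, 0x200, 0x200)
    img[0x200:0x200 + len(entry_code)] = entry_code
    return bytes(img)

ORIGINAL_ENTRY = bytes.fromhex("558bec83ec105356")    # constructed prologue
```

A "modified" result is not proof of tampering, since relocations and legitimate hooks can also change entry-point bytes, so it marks a process for closer inspection.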


Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he is engaged in providing technology consultancy and the design and development of desktop, web and mobile applications using various tools and software.